Jump to content

unstoppable redirects! please help with hijackthis log!


Recommended Posts

i did not download and use the other programs suggested in the forum before posting this log, as i am hoping they wont be necessary. if they are, please tell me and i will do so. thanks for any help!

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:16:58 PM, on 3/22/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe

C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

C:\WINDOWS\runservice.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\WINDOWS\Explorer.EXE

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\Compaq\EAKDRV\EAUSBKBD.EXE

C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe

C:\WINDOWS\system32\defrag.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\SoftwareDistribution\Download\Install\Windows-KB890830-V1.39.exe

c:\e41af56d7b911b1a9d39287968\mrtstub.exe

C:\WINDOWS\system32\MRT.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\brian gasper\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: VCS3IESupport Class - {B9D6B3C2-09AD-464A-8162-8C55114C808A} - C:\Program Files\AV VCS 3.0 DIAMOND\Vcs3RT.dll

O3 - Toolbar: Protection Bar - {fe2d25c1-c1db-4b5e-9390-af1cb5302f32} - (no file)

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe

O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe

O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [burnQuick Queue] C:\WINDOWS\BQTray.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl

O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe

O4 - HKLM\..\Run: [capfupgrade] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [msdtctm] C:\WINDOWS\System32\msdtctm.exe

O4 - HKCU\..\Run: [spanish] C:\Program Files\Learn To Speak Chinese Demo V2.9\Study Conversation.exe

O4 - HKCU\..\Run: [198_150_ni_1] "C:\Documents and Settings\brian gasper\198_150_ni_1.exe"

O4 - HKCU\..\Run: [wmvdmoe] "C:\WINDOWS\system32\wmvdmoe.exe"

O4 - HKCU\..\Run: [ialmcoin_0_pv1102] "C:\WINDOWS\system32\ialmcoin_0_pv1102.exe"

O4 - HKCU\..\Run: [d3d9] "C:\WINDOWS\system32\d3d9.exe"

O4 - HKCU\..\Run: [kbdkaz] "C:\WINDOWS\system32\kbdkaz.exe"

O4 - HKCU\..\Run: [ltefx11n] "C:\WINDOWS\system32\ltefx11n.exe"

O4 - HKCU\..\Run: [ir50_qcx] "C:\WINDOWS\system32\ir50_qcx.exe"

O4 - HKCU\..\Run: [pcdlib32] "C:\WINDOWS\system32\pcdlib32.exe"

O4 - HKCU\..\Run: [bfc42d] "C:\WINDOWS\system32\bfc42d.exe"

O4 - HKCU\..\Run: [kbdaze] "C:\WINDOWS\system32\kbdaze.exe"

O4 - HKCU\..\Run: [upnphost] "C:\WINDOWS\system32\upnphost.exe"

O4 - HKCU\..\Run: [security] "C:\WINDOWS\system32\security.exe"

O4 - HKCU\..\Run: [xactsrv] "C:\WINDOWS\system32\xactsrv.exe"

O4 - HKCU\..\Run: [igfxres] "C:\WINDOWS\system32\igfxres.exe"

O4 - HKCU\..\Run: [bidispl] "C:\WINDOWS\system32\bidispl.exe"

O4 - HKCU\..\Run: [wuaueng1] "C:\WINDOWS\system32\wuaueng1.exe"

O4 - HKCU\..\Run: [wpdtrace] "C:\WINDOWS\system32\wpdtrace.exe"

O4 - HKCU\..\Run: [itss] "C:\WINDOWS\system32\itss.exe"

O4 - HKCU\..\Run: [modemui] "C:\WINDOWS\system32\modemui.exe"

O4 - HKCU\..\Run: [es] "C:\WINDOWS\system32\es.exe"

O4 - HKCU\..\Run: [msctfp] "C:\WINDOWS\system32\msctfp.exe"

O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: desktop(2)(2).ini

O4 - Startup: desktop(2).ini

O4 - Startup: desktop(3).ini

O4 - Global Startup: desktop(2)(2).ini

O4 - Global Startup: desktop(2).ini

O4 - Global Startup: desktop(3).ini

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409

O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://softdev.adelphia.net/sdccommon/download/tgctlins.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab

O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep.com/get/k42037/sb02a.cab

O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab

O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.sunterra.com/downloads/svh/svideo3.cab

O18 - Filter hijack: text/html - (no CLSID) - (no file)

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe

O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe

O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe

O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe

O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--

End of file - 9850 bytes

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.